From 78b95e9956aed15bea9e8f2a0174051786cc7a98 Mon Sep 17 00:00:00 2001
From: MLainer1
Date: Wed, 1 Jan 2025 17:55:25 +0200
Subject: [PATCH 01/11] dev-bug - remove more sensitive data from the logs
---
 Packs/Base/ReleaseNotes/1_39_7.md | 6 ++++++
 Packs/Base/Scripts/CommonServerPython/CommonServerPython.py | 2 +-
 Packs/Base/pack_metadata.json | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 Packs/Base/ReleaseNotes/1_39_7.md
diff --git a/Packs/Base/ReleaseNotes/1_39_7.md b/Packs/Base/ReleaseNotes/1_39_7.md
new file mode 100644
index 000000000000..51266a1844bb
--- /dev/null
+++ b/Packs/Base/ReleaseNotes/1_39_7.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### CommonServerPython
+
+- Added more filtering words in the censor_request_logs function
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
index ee888cac7961..ba3b4c5279eb 100644
--- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
+++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
@@ -8843,7 +8843,7 @@ def censor_request_logs(request_log):
 :return: The censored request log
 :rtype: ``str``
 """
- keywords_to_censor = ['Authorization:', 'Cookie', "Token", "username", "password", "apiKey"]
+ keywords_to_censor = ['Authorization:', 'Cookie', "Token", "username", "password", "apiKey", "identifier", "accessToken"]
 lower_keywords_to_censor = [word.lower() for word in keywords_to_censor]
 trimed_request_log = request_log.lstrip(SEND_PREFIX)
diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json
index 0a73cadfb345..41d9f43c117a 100644
--- a/Packs/Base/pack_metadata.json
+++ b/Packs/Base/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Base",
 "description": "The base pack for Cortex XSOAR.",
 "support": "xsoar",
- "currentVersion": "1.39.6",
+ "currentVersion": "1.39.7",
 "author": "Cortex XSOAR",
 "serverMinVersion": "6.0.0",
 "url": "https://www.paloaltonetworks.com/cortex",
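Review bot: `"accessToken"` adds nothing to the new `keywords_to_censor` line, because the keywords are lower-cased on the following line and, as the matching code shown in the PATCH 11 context indicates (`any(keyword in word.lower() ...)`), compared as substrings, so `"Token"` already covers it. This commit also adds no test for `"identifier"`, so nothing pins the new behaviour. A one-line comment above the list would help the next editor, for example `# matched case-insensitively as substrings of each word in the request log`. Separately, the context line `request_log.lstrip(SEND_PREFIX)` hands a prefix to `str.lstrip`, which strips a set of characters rather than a prefix; whether that can eat the start of a request depends on the value of `SEND_PREFIX`, which is not shown here. The body of `censor_request_logs` continues outside the hunk.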
From 179966a6bfe5ec5dafe3112179210c893449fa30 Mon Sep 17 00:00:00 2001
From: MLainer1
Date: Thu, 2 Jan 2025 18:17:46 +0200
Subject: [PATCH 02/11] Updated list
---
 Packs/Base/Scripts/CommonServerPython/CommonServerPython.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
index ba3b4c5279eb..e42ae37cbeaf 100644
--- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
+++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
@@ -8843,7 +8843,7 @@ def censor_request_logs(request_log):
 :return: The censored request log
 :rtype: ``str``
 """
- keywords_to_censor = ['Authorization:', 'Cookie', "Token", "username", "password", "apiKey", "identifier", "accessToken"]
+ keywords_to_censor = ['Authorization:', 'Cookie', "Token", "user", "password", "Key", "identifier", "credential"]
 lower_keywords_to_censor = [word.lower() for word in keywords_to_censor]
 trimed_request_log = request_log.lstrip(SEND_PREFIX)
From 97fe9f7603fa29111a6c20d20f7ab5e988afc533 Mon Sep 17 00:00:00 2001
From: MLainer1
Date: Sun, 5 Jan 2025 11:13:36 +0200
Subject: [PATCH 03/11] added tests and IDs for the tests
---
 .../CommonServerPython/CommonServerPython.py | 2 +-
 .../CommonServerPython/CommonServerPython_test.py | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
index e42ae37cbeaf..f5c8de9c644b 100644
--- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
+++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
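Review bot: `"user"` and `"Key"` in the new PATCH 02 list are short enough to hit ordinary request text, since keywords are compared as lower-cased substrings (`any(keyword in word.lower() ...)`, visible in the PATCH 11 context). `"user"` is contained in the `/api/v1/users` path that this file's own tests use, and in a `User-Agent:` header name, so the word following those would apparently be replaced by the mask although it is not a secret. Masking too much fails safe, but it makes the debug log misleading; I would keep `"username"` here and add a test with a benign request to pin what must stay readable. The same breadth applies to `"client"`, added in PATCH 03 and kept in PATCH 05. The function body lies outside the hunk.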
@@ -8843,7 +8843,7 @@ def censor_request_logs(request_log):
 :return: The censored request log
 :rtype: ``str``
 """
- keywords_to_censor = ['Authorization:', 'Cookie', "Token", "user", "password", "Key", "identifier", "credential"]
+ keywords_to_censor = ['Authorization:', 'Cookie', "Token", "username", "password", "Key", "identifier", "credential", "client"]
 lower_keywords_to_censor = [word.lower() for word in keywords_to_censor]
 trimed_request_log = request_log.lstrip(SEND_PREFIX)
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
index 54410ac3a797..753898a6d477 100644
--- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
+++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
@@ -9757,6 +9757,19 @@ def test_create_clickable_test_wrong_text_value():
 "send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\n'",
 str("send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\n'")
 ),
+ (
+ "send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\apiKey: 1234\\r\\n'",
+ "send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\apiKey: \\r\\n'"
+ ),
+ (
+ "send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\credentials: {'good':'day'}\\r\\n'",
+ "send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\credentials: \\r\\n'"
+ ),
+ (
+ "send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\client_name: client\\r\\n'",
+ "send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\client_name: \\r\\n'"
+ ),
+ ids=["Bearer", "Cookie", "Authorization", "Bearer", "No change", "Key", "credential", "client"]
 ])
 def test_censor_request_logs(request_log, expected_output):
 """
 Given:
From d92dd2e466e9b9149d844d02ab3f20942b01acdc Mon Sep 17 00:00:00 2001
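Review bot: In the test hunk the added `ids=[...]` line sits inside the list literal, before the closing `])`, and a keyword argument inside a list is a syntax error, so the test module would not import as written; it belongs after the list, `], ids=[...])`. The three new inputs read `\\r\\apiKey:`, `\\r\\credentials:` and `\\r\\client_name:`, without the `n` of the `\\r\\n` that the other cases put before a header name, so they do not model a real header boundary. No case visible in this hunk exercises the `identifier` keyword. The parameter list starts before the hunk and the test body ends after it.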
From: MLainer1
Date: Sun, 5 Jan 2025 11:34:11 +0200
Subject: [PATCH 04/11] fix pre commit
---
 .../Scripts/CommonServerPython/CommonServerPython_test.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
index 753898a6d477..7bfb1d373651 100644
--- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
+++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
@@ -9768,9 +9768,8 @@ def test_create_clickable_test_wrong_text_value():
 (
 "send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\client_name: client\\r\\n'",
 "send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\client_name: \\r\\n'"
- ),
- ids=["Bearer", "Cookie", "Authorization", "Bearer", "No change", "Key", "credential", "client"]
-])
+ ),],
+ ids=["Bearer", "Cookie", "Authorization", "Bearer", "No change", "Key", "credential", "client"],)
 def test_censor_request_logs(request_log, expected_output):
 """
 Given:
From e831337d4324e6268b750ad41cced86483ec698a Mon Sep 17 00:00:00 2001
From: MLainer1
Date: Sun, 5 Jan 2025 15:34:12 +0200
Subject: [PATCH 05/11] pc
---
 Packs/Base/Scripts/CommonServerPython/CommonServerPython.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
index f5c8de9c644b..cfa58516a78e 100644
--- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
+++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
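Review bot: The id `"Bearer"` appears twice in the `ids` list of the PATCH 04 hunk, so a failure report does not say which of the two Bearer cases broke, and pytest has to disambiguate the duplicate on its own. The list is also positional and must be kept in step with the cases by hand, which PATCH 11 has to do in two separate hunks. Wrapping each case as `pytest.param(request_log, expected_output, id="...")` keeps every id next to its data and makes a mismatch impossible. The parameter list starts outside the hunk.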
@@ -8843,7 +8843,8 @@ def censor_request_logs(request_log):
 :return: The censored request log
 :rtype: ``str``
 """
- keywords_to_censor = ['Authorization:', 'Cookie', "Token", "username", "password", "Key", "identifier", "credential", "client"]
+ keywords_to_censor = ['Authorization:', 'Cookie', "Token", "username",
+ "password", "Key", "identifier", "credential", "client"]
 lower_keywords_to_censor = [word.lower() for word in keywords_to_censor]
 trimed_request_log = request_log.lstrip(SEND_PREFIX)
From ed5bfe8ec49141a971fe54ee3c9a31b106f0ca37 Mon Sep 17 00:00:00 2001
From: MLainer1
Date: Mon, 6 Jan 2025 09:14:46 +0200
Subject: [PATCH 06/11] cr
---
 Packs/Base/ReleaseNotes/1_39_8.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Packs/Base/ReleaseNotes/1_39_8.md b/Packs/Base/ReleaseNotes/1_39_8.md
index 153ccc743156..857925461975 100644
--- a/Packs/Base/ReleaseNotes/1_39_8.md
+++ b/Packs/Base/ReleaseNotes/1_39_8.md
@@ -2,4 +2,4 @@
 ##### CommonServerPython
-- Added more filtering words in the censor_request_logs function
\ No newline at end of file
+- Logging improvements.
\ No newline at end of file
From 953e2fd66536072bbfb68d8dfafaca724ae17465 Mon Sep 17 00:00:00 2001
From: Content Bot
Date: Mon, 6 Jan 2025 08:03:17 +0000
Subject: [PATCH 07/11] Bump pack from version Base to 1.39.9.
---
 Packs/Base/ReleaseNotes/1_39_9.md | 5 +++++
 Packs/Base/pack_metadata.json | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 Packs/Base/ReleaseNotes/1_39_9.md
diff --git a/Packs/Base/ReleaseNotes/1_39_9.md b/Packs/Base/ReleaseNotes/1_39_9.md
new file mode 100644
index 000000000000..857925461975
--- /dev/null
+++ b/Packs/Base/ReleaseNotes/1_39_9.md
@@ -0,0 +1,5 @@
+#### Scripts
+
+##### CommonServerPython
+
+- Logging improvements.
\ No newline at end of file
diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json
index 7f2e71efd8fb..4fd410ae22bd 100644
--- a/Packs/Base/pack_metadata.json
+++ b/Packs/Base/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Base",
 "description": "The base pack for Cortex XSOAR.",
 "support": "xsoar",
- "currentVersion": "1.39.8",
+ "currentVersion": "1.39.9",
 "author": "Cortex XSOAR",
 "serverMinVersion": "6.0.0",
 "url": "https://www.paloaltonetworks.com/cortex",
From cd285a9ab6189e88e1aeba55b5253dd635c84c59 Mon Sep 17 00:00:00 2001
From: Content Bot
Date: Mon, 6 Jan 2025 15:47:18 +0000
Subject: [PATCH 08/11] Bump pack from version Base to 1.39.10.
---
 Packs/Base/ReleaseNotes/1_39_10.md | 5 +++++
 Packs/Base/pack_metadata.json | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 Packs/Base/ReleaseNotes/1_39_10.md
diff --git a/Packs/Base/ReleaseNotes/1_39_10.md b/Packs/Base/ReleaseNotes/1_39_10.md
new file mode 100644
index 000000000000..857925461975
--- /dev/null
+++ b/Packs/Base/ReleaseNotes/1_39_10.md
@@ -0,0 +1,5 @@
+#### Scripts
+
+##### CommonServerPython
+
+- Logging improvements.
\ No newline at end of file
diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json
index 4fd410ae22bd..e39bb3e032f1 100644
--- a/Packs/Base/pack_metadata.json
+++ b/Packs/Base/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Base",
 "description": "The base pack for Cortex XSOAR.",
 "support": "xsoar",
- "currentVersion": "1.39.9",
+ "currentVersion": "1.39.10",
 "author": "Cortex XSOAR",
 "serverMinVersion": "6.0.0",
 "url": "https://www.paloaltonetworks.com/cortex",
From 4d0cd18b76b8094c532624e903654c4c6eca2d21 Mon Sep 17 00:00:00 2001
From: Content Bot
Date: Tue, 7 Jan 2025 10:01:19 +0000
Subject: [PATCH 09/11] Bump pack from version Base to 1.39.11.
---
 Packs/Base/ReleaseNotes/1_39_11.md | 5 +++++
 Packs/Base/pack_metadata.json | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 Packs/Base/ReleaseNotes/1_39_11.md
diff --git a/Packs/Base/ReleaseNotes/1_39_11.md b/Packs/Base/ReleaseNotes/1_39_11.md
new file mode 100644
index 000000000000..857925461975
--- /dev/null
+++ b/Packs/Base/ReleaseNotes/1_39_11.md
@@ -0,0 +1,5 @@
+#### Scripts
+
+##### CommonServerPython
+
+- Logging improvements.
\ No newline at end of file
diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json
index e39bb3e032f1..2d9fd9590f07 100644
--- a/Packs/Base/pack_metadata.json
+++ b/Packs/Base/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Base",
 "description": "The base pack for Cortex XSOAR.",
 "support": "xsoar",
- "currentVersion": "1.39.10",
+ "currentVersion": "1.39.11",
 "author": "Cortex XSOAR",
 "serverMinVersion": "6.0.0",
 "url": "https://www.paloaltonetworks.com/cortex",
From a61127ff9b06f64a7056c300de1146726ed3f3f7 Mon Sep 17 00:00:00 2001
From: Content Bot
Date: Wed, 8 Jan 2025 09:17:51 +0000
Subject: [PATCH 10/11] Bump pack from version Base to 1.39.12.
---
 Packs/Base/ReleaseNotes/1_39_12.md | 5 +++++
 Packs/Base/pack_metadata.json | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 Packs/Base/ReleaseNotes/1_39_12.md
diff --git a/Packs/Base/ReleaseNotes/1_39_12.md b/Packs/Base/ReleaseNotes/1_39_12.md
new file mode 100644
index 000000000000..857925461975
--- /dev/null
+++ b/Packs/Base/ReleaseNotes/1_39_12.md
@@ -0,0 +1,5 @@
+#### Scripts
+
+##### CommonServerPython
+
+- Logging improvements.
\ No newline at end of file
diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json
index 2d9fd9590f07..be19dead3de7 100644
--- a/Packs/Base/pack_metadata.json
+++ b/Packs/Base/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Base",
 "description": "The base pack for Cortex XSOAR.",
 "support": "xsoar",
- "currentVersion": "1.39.11",
+ "currentVersion": "1.39.12",
 "author": "Cortex XSOAR",
 "serverMinVersion": "6.0.0",
 "url": "https://www.paloaltonetworks.com/cortex",
From 7f3e82d8045cf369e298debc2e0c6e3def77f258 Mon Sep 17 00:00:00 2001
From: MLainer1
Date: Wed, 8 Jan 2025 17:40:18 +0200
Subject: [PATCH 11/11] added JWT
---
 Packs/Base/Scripts/CommonServerPython/CommonServerPython.py | 4 ++--
 .../Scripts/CommonServerPython/CommonServerPython_test.py | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
index cfa58516a78e..cfb9edab8165 100644
--- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
+++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
@@ -8856,8 +8856,8 @@ def censor_request_logs(request_log):
 if any(keyword in word.lower() for keyword in lower_keywords_to_censor):
 next_word = request_log_lst[i + 1] if i + 1 < len(request_log_lst) else None
 if next_word:
- # If the next word is "Bearer" or "Basic" then we replace the word after it since thats the token
- if next_word.lower() in ["bearer", "basic"] and i + 2 < len(request_log_lst):
+ # If the next word is "Bearer", "JWT" or "Basic" then we replace the word after it since thats the token
+ if next_word.lower() in ["bearer", "jwt", "basic"] and i + 2 < len(request_log_lst):
 request_log_lst[i + 2] = MASK
 elif request_log_lst[i + 1].endswith("}'"):
 request_log_lst[i + 1] = "\"{}\"}}'".format(MASK)
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
index 7bfb1d373651..d2436ad38595 100644
--- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
+++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
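Review bot: The scheme check `next_word.lower() in ["bearer", "jwt", "basic"]` is a hard-coded allowlist, so an `Authorization:` value with any other scheme falls through to the branches below, where from what is visible it is the word at `i + 1` (the scheme name) that gets handled and the credential at `i + 2` presumably stays in the log. I would add a test with an unlisted scheme to show what actually ends up in the output, and consider also masking `request_log_lst[i + 2]` whenever the matched word is the `Authorization:` header itself. Naming the list once at module level, e.g. `AUTH_SCHEMES = ("bearer", "jwt", "basic")`, would avoid rebuilding it on every pass and keep the comment and the code from drifting apart. The enclosing loop and the final branch of this `if` lie outside the hunk.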
@@ -9753,6 +9753,10 @@ def test_create_clickable_test_wrong_text_value():
 "GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\nAuthorization: Bearer token123\\r\\n",
 "GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\nAuthorization: Bearer \\r\\n"
 ),
+ (
+ "GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\nAuthorization: JWT token123\\r\\n",
+ "GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\nAuthorization: JWT \\r\\n"
+ ),
 (
 "send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\n'",
 str("send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\n'")
@@ -9769,7 +9773,7 @@ def test_create_clickable_test_wrong_text_value():
 "send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\client_name: client\\r\\n'",
 "send: b'GET /api/v1/users HTTP/1.1\\r\\nHost: example.com\\r\\client_name: \\r\\n'"
 ),],
- ids=["Bearer", "Cookie", "Authorization", "Bearer", "No change", "Key", "credential", "client"],)
+ ids=["Bearer", "Cookie", "Authorization", "Bearer", "JWT", "No change", "Key", "credential", "client"],)
 def test_censor_request_logs(request_log, expected_output):
 """
 Given: